Cloud Computing

Moving to the cloud is no longer an option for government agencies. This in-depth Q&A provides unique insights into the government cloud migration by breaking down complexities and assisting agencies in the decision-making process.

Marco MartinezServices Marketing Manager, Dell Federal Government

Most people are aware of the concept of the cloud and are familiar with it at the consumer level through such things as Google and FaceBook, but they’re not sure what it means to implement the cloud in a business or government agency environment, and what it means to them operationally or strategically.

I think the onus is on us, the cloud providers, to help agencies discover that. There are tools that can help them learn about the cloud and its benefits, and we’ve just launched a new series of labs in which they can test their applications to see how they work in the cloud. But the simple answer is that many agencies don’t yet completely understand how they can benefit from the cloud and there’s still something of a fear factor with it.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Cloud providers love to wax rhapsodic about the benefits of utility computing, and there is plenty about that on their marketing Web sites. What is missing is a way for agencies to translate the promises they find there into specific benefits that they can then measure.

To do that effectively, an agency needs a fairly good understanding of what it already has, what is working well in its IT infrastructure, what is not working so well, and what can be improved. Once it has that understanding, it can more easily evaluate the benefits of the cloud in general and the specific benefits that each cloud provider brings.

Without agencies having a good idea of what they are already doing internally it is too difficult for them to know whether moving to the cloud will bring benefits. So, first getting that internal understanding is essential.

Marco MartinezServices Marketing Manager, Dell Federal Government

There are always some applications that could be hosted in the cloud and that would help an agency improve the way they do things, but there are issues they need to understand that supersede cost. The hard part for most government agencies is deciding how to structure their requirements and then how to actually design the cloud. To do this properly they must choose a partner who can best help them understand what they need based on their requirements, or what kind of flexibility is needed to enable them to meet the requirements.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Assuming that an agency has managed to gain that internal understanding and has been able to identify the benefits of being in the cloud, then I would say it should go ahead and adopt cloud computing. In fact, I think it should become the new default deployment policy. Unless there is a reason for them not to do it, they should make the move. Even for existing projects that are due to go into a refresh cycle, cloud should be the default for that also.

To wring the maximum value from a cloud deployment, agencies should be prepared to devote a fair amount of resources because cloud architecture is fundamentally different from a traditional, on-premise architecture. Such things as how to develop applications, where to locate data, how to plan for disaster recovery and even how to implement security controls all have to be revisited for the cloud.

Marco MartinezServices Marketing Manager, Dell Federal Government

Security and compliance are probably the two biggest things any government agency has to have in mind when moving to the cloud, but both of them are moving targets. Compliance needs focused around FISMA, NIST, HIPAA as well as future regulations will always be changing. And as far as security is concerned, we unfortunately live in a world where cybercrime is the chic new form of crime. You also have hacktivists whose actions can be categorized as disruptive, destructive, and some that could even be considered terroristic. As government information is in many cases considered the most sensitive and difficult to obtain, these groups will continue to target government entities.

So the first thing these agencies need to do is make sure no sensitive data or application moves beyond their control, which is where the discipline around attention to detail and the initial structure of the requirement in contract negotiations comes into play. Then, as far as what you move to the cloud, a first easy step is to pick some application or function that has fallen off the priority list. In fact, taking advantage of the ROI the cloud gives you is a good way of moving that service or application back on to the priority list.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

This seems more a human factor question about getting people to change the way they do things. Clearly there are certain exceptions to prevent some workloads from moving to a shared infrastructure, but does each agency or workload need its own dedicated data center? I do not think so.

I think the cloud first mandate, and the need for agencies to obtain an exception to do anything on-premise, will help change the mindset of people. If the exception process is painful enough it will discourage agencies from inventing convenient excuses for not having to change the old, familiar ways they do things.

Marco MartinezServices Marketing Manager, Dell Federal Government

Dell’s philosophy is to start at the end and work backwards. Here’s the problem I want to solve, here’s what I need to solve it, here’s the impact to my end users, to IT staff, to the infrastructure, to the management budget, to the hard costs etcetera, and here’s what I expect to gain from the move.

After identifying the end point, government customers should then start moving those pieces around to sort out exactly what they are trying to do - such as saving on costs, improving flexibility, freeing up floor space, repurposing labor and so on. Then, looking more closely at the hard and soft costs involved and how to balance those, agencies can then make an informed decision.

Once you define your requirements the rest of it, and what kind of cloud best fits the needs, falls into place. That strict attention to detail on design and the requirements is really the secret sauce.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Different workloads can use different cloud models. That is one of the neat things about the cloud. And, there are emerging technologies that make it easier to switch those workloads between various clouds, as needed. Which deployment model to use is driven by how data is classified and what the sensitivity of that data is. Then, the question becomes which kind of cloud best provides the security required.

Other considerations for agencies to take into account are availability, the elasticity of on-demand capacity, being able to scale capacity as required, and whether the provider offers metered billing. But whether an agency uses a public or private cloud will be driven by who has access to the information contained in the cloud. The important thing is not to choose a model and then try to force everything into that.

Marco MartinezServices Marketing Manager, Dell Federal Government

Yes and no. Optimal productivity means no security at all and no obstacles in peoples’ way. Optimal security means being so handcuffed that you can’t do anything. Government agencies really have to decide what sort of balance between security and productivity they are looking to strike, and how many layers they want to build in to that. Obviously you can never ignore security it has become an assumed layer, but the question is how much.

Think about smartphones and how many people are using them now and for so many different kinds of applications and services. The problem is that you can’t run virus software on a smartphone because it would decimate the battery life, lead to frequently dropped calls and so on. Even though I know I’m susceptible through my smartphone, I would rather have 100 percent uptime and have the flexibility and mobility that offers.

Agencies will have to make the same kind of decisions about the risks and utility the cloud provides for them. Again, security standards should be part of the design, not an afterthought.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

The world’s largest online retail companies put their entire catalogs in the cloud, major pharmaceutical manufacturers use the public cloud for testing compounds, and now major government sites such as Treasury.gov, Recovery.gov and NASA use the public cloud. Organizations with large amounts of highly valuable intellectual property are using the public cloud. So, for anyone to claim that the cloud is not secure enough for them, they might want to take a closer look at the approach these large government agencies are taking.

It is also important to acknowledge that cloud providers are under constant pressure to prevent their services becoming attractive to bad guys. They make it exceptionally difficult for customers to interfere with each other. And they are constantly looking to adopt increasingly stringent certifications, including those required for federal work, such as FISMA and FedRAMP.

The final test is whether the cloud provider is transparent about how they manage their security. Agencies should not work with cloud providers that are not clear about their approach to security.

Marco MartinezServices Marketing Manager, Dell Federal Government

This should be clear after the initial assessment. For this assessment Dell will go in and evaluate agency environments and meet with the end users and stakeholders, define the requirements, and then provide an estimate of the first order costs. The second order costs are harder to get to and require some form of modeling. They are things such as data center utilization and the effect that has on power and cooling, the ability to repurpose employees to do other things, whether more people have to be hired and so on.

The ROI may not be as clear later as in the beginning, but it will be there and agencies will certainly be able to measure it.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

A lot of providers publish calculators that show how to compare the cost of running something in the cloud to doing it in-house, but they are often not as good as they need to be. They do not account for personnel costs, for example, and they do not measure the benefit that comes with capacity and demand elasticity. That is possibly the most important benefit of the cloud. With a traditional, on-premise infrastructure agencies have to guess what demand might be and build the data center accordingly. With the cloud, agencies can match it exactly, as needed.

When your resource availability curve exactly matches the demand curve, to me that sounds like the perfect ROI.

Marco MartinezServices Marketing Manager, Dell Federal Government

At Dell we’ve been working with virtualization for a long time, and we’ve developed cloud class servers to help optimize efficiency. We’re also continuing to acquire companies that help us improve services, management and security of the cloud.

The added value gained from working with Dell is that we don’t look to drive our customer in a specific direction. Through this approach we can really dig into what the customer is trying to accomplish rather than force them into only one direction. There are some companies out there who have a very siloed approach to the cloud, but I think we can offer a little more flexibility by starting with the agency’s mission, figuring out what it’s trying to accomplish, and then building around those requirements.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Riverbed is a nine-year old organization whose reputation is based on accelerating applications over wide area networks (WAN) so that resources feel like they are right next door to the user. The cloud is a natural next step for us because, in many ways, a cloud is similar to a WAN.

We provide the broadest and best portfolio of performance optimization products to solve a range of customer performance problems. With our solutions, agencies can virtualize applications and improve performance levels so that employees can be as productive as if everything was local. A consolidated cloud infrastructure enhanced by our performance optimization solutions provides costs savings and performance benefits so that a government organization can operate more efficiently than ever before.

When your resource availability curve exactly matches the demand curve, to me that sounds like the perfect ROI.

Marco MartinezServices Marketing Manager, Dell Federal Government

It can be whatever you build into the definitions and requirements. Temporary solutions make sense for disaster situations, FEMA relocation resources, situational up ticks in capacity demands such as at tax time, and so on. The beauty of the offering is that you set it up for the cycles that you need. And the onus is on the cloud provider to make sure those needs are met.

If an agency puts in its initial requirements that it will need X amount of capacity during normal times, but that in peak periods it may need Y, as long as that is written into the original statement of work and requirements, the cloud provider should make it available and the agency should only get billed regularly for non-peak capacity. But, again that depends on getting everything set up at the beginning. The most important part of the process is defining what you want to do.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Using the cloud as a temporary resource could be seen as conflicting with the “cloud first” mandate and the notion that the cloud should be the default choice. It is tempting for organizations to consider the cloud as an extension of an existing data center, but using it that way would make it more difficult to scale for demand needs because to do that you need to incorporate full cloud functionality into the requirements.

Also, organizations come across the mindset challenge if they consider the cloud only a temporary resource. It means people will believe they do not have to worry about managing it well, or at all.

Marco MartinezServices Marketing Manager, Dell Federal Government

End users, finance, chief security officers, IT staff, top level management, compliance officers, regulatory agencies, legal and contracting are stakeholders that all need to provide what it is they specifically need from the cloud and what the impacts on their business will be. They also need to detail how they are going to assess those impacts, what their metrics are for the success of the move to the cloud, and what their SLAs (service level agreements) will be.

As you start going through the needs of all of these stakeholders, that’s what will shape a more robust solution. Agencies will have to meet the needs of all of these stakeholders. It can’t just be about what square footage you need to cut the data center down by so you can save on cooling.

It's a true Gordian Knot, and you can either try to untangle it or find something that's powerful enough to slice right through it.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

If an IT organization were to decide on its own to move production workloads to the cloud, then it will be making that choice at its peril. IT does not have all of the information needed to make that decision because such things as planning for disaster recovery need input directly from the groups within the agency that will be affected by events. How often does the data have to be copied, where does it need to be put, how quickly does it need to be recovered? The working units know the answers to all of that, not IT.

Data location and data portability also require consulting with the legal and compliance teams. The cloud providers have their own certifications, and agency internal audit groups need to review that to make sure they conform to the agency’s requirements. Then, of course, there are budgetary requirements, so the IT department will also have to work with finance.

The decision to move to the cloud requires input from many different areas of an agency.

Marco MartinezServices Marketing Manager, Dell Federal Government

All application development is a constant process of moving from yesterday’s state to some future state. The difference with the cloud is how you design your applications. An example is Hotmail versus Exchange. They’re both Microsoft email applications, but Hotmail was specifically designed to take advantage of massive scale and multiple data center locations with hundreds of servers in each, whereas Exchange was designed to work with a single set of data center servers.

So, the choice is up to the customer. If an agency is willing to fundamentally change the architecture of its applications to take advantage of that hyper scale then the cloud is a viable alternative. If not, we have tools and solutions specifically designed for the hybrid and private cloud solutions that can help them “cloudize” their applications. But with those types of cloud solutions, agencies won’t get the overall cost savings that a full-blown cloud implementation will deliver.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Yes. There are fundamental differences in the way applications should be built around a cloud. Probably one of the most shocking changes is that servers are now disposable resources. People are not used to hearing that. It takes only a few lines in a script file to get compute resources now, and within a matter of minutes those resources are available.

Cloud computing also simplifies the process of updating applications. For example, if a workload is in production and it becomes time to make an update to it, developers can clone that application, add the new features, test the update and make sure it works, and then simply move it over to that new environment which now becomes the new production environment. This approach is very different from the traditional process.

The beauty of this is that the developers and administrators in an agency do not need to invent these procedures from scratch. The cloud providers often publish detailed technical guidance for how to develop on their particular platform and how to do these in-place migrations.

Marco MartinezServices Marketing Manager, Dell Federal Government

It’s fragmented, and there are multiple standards vying to be the official standard. We subscribe to NIST and that’s the model were following now. However, at Dell, we’re keeping to an open approach and we work with a number of different hypervisor vendors. We’re trying to be as open as possible to our customers’ needs and to the potential changes in the technology.

The beauty of it for agencies is that once they define their requirements for the cloud vendor, then it’s up to the vendor to meet them. If part of the requirement is to adhere to any changes in compliance regulations or standards and that’s in the contract, then it’s what the provider will have to come up with.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Standards typically lag innovation, and cloud computing is one of the IT industry’s most rapidly evolving developments. When I was working at a cloud provider, it seemed like there was a new service coming out every week. So, standards for the cloud right now are in the very early stages of development.

And, because of that I am not sure standards are mature enough yet to be part of the decision making process for choosing one provider over another. More important is that the cloud provider offers a graceful way to retrieve or remove data and the processing workload if an agency decides to go elsewhere. If a provider does not clearly state that the data belongs to the agency and not to itself, then the agency should avoid that provider.

Marco MartinezServices Marketing Manager, Dell Federal Government

The skill sets aren’t necessarily different, but the context is different. Some engineers will end up in the same room they’ve always occupied, but doing different things. It’s more of a change in mindset. Once you assimilate and accept the cloud, your IT folks will automatically look to “cloudize” applications. There won’t be a need for as many hardware specialists, because with the cloud it’s really all about the application.

So each of those qualities and mindsets will require a bit of a shift for agencies and their staff. There will still be a need for some iron in the environment, so agencies will still need IT to fix breaks, unless that’s also farmed out, but for the most part, it’s going to be about managing the application and application development. It will be a minor shift with a little bit of a learning curve, but those who have the skill sets for today’s environment already have the skills for tomorrow’s cloud environment.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Technical challenges aside, the personnel issue is one of the biggest fears about going to the cloud. I give a lot of presentations about how to make the move, and – while they will not publicly say this – I know that agency IT personnel do fear losing their jobs because of it.

But, the good ones should relish it. They will gain a better understanding of what the agency’s business is and they can put themselves in a position to provide greater value. Yes, it will require new skills; but, the entire history of technology advancement has restructured every form of work. It is why there are no more buggy whip manufacturers in the U.S.

There will be some changes, for sure. For example, what is the person whose primary job it is to take the server out of the box and put it in the rack going to do once the server is just a line in a script? Well, if he is really interested in advancing his career I would expect he would understand that the next logical migration for him is helping to do capacity planning, which would mean that he is working more closely with the staffing agencies who do the work.

There is a natural tension. Some people are simply not going to want to learn anything new. Others are going to jump at the chance. As difficult as it sounds, I see cloud computing as one of the things that is going to force a change in staffing as a reluctance of some people to move, but that will reward those people who are eager to make the move.

Marco MartinezServices Marketing Manager, Dell Federal Government

I would say a grand slam would be a cut over and no one notices. A home run would be moving some applications or storage that wouldn’t be disruptive, that meets all of your agency’s requirements and SLAs, and also saves you money, space and time.

It really depends on what the agency is trying to accomplish. If an agency gets all of its stakeholders in the same room and they’re OK with some disruption as they make this move, then disruption is not going to be a metric of failure. If their only goal is moving this application out of the current environment because it’s too costly to maintain, or they need to shut down a data center, or repurpose a building and that’s their goal, then that would be the measure of success.

Success must be defined on the front end and then executing against that definition on the backend. And that should be the first part of any discussion of moving to the cloud, how agencies would rate certain things in terms of what they want to accomplish.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

When I hear someone say, “this is a success,” that sounds to me that something has reached a conclusion and that a project is finished. An intriguing aspect of using the cloud for IT projects is that projects do not truly need to be done, completely. The notion of “done” is really the old style of building technology, where you have a definite beginning and end. Agile development methodology largely replaces that old waterfall style of development, and cloud computing is an ideal platform for agile development.

Because resources can be provided on demand, you can do continuous updates to improve projects, which now become iterative. They can easily adapt to meet the evolving needs of the agency’s mission. And that means being “done” is no longer a requirement. Success now comes from knowing that new functionality can be envisioned, tested and deployed quickly without obstructing existing operations.

Marco MartinezServices Marketing Manager, Dell Federal Government

A major driver is certainly the use of community clouds inside the federal space, so that agencies can share resources. This way they don’t have to silo their data or provide disaster recovery plans and thus avoiding the need to add additional infrastructure. Another would be entities looking to collaborate to use off-peak compute cycles which has become a way to increase the availability of data, or to logically share data, in multiple locations. And, obviously, with budget issues currently at the forefront of government activity, helping government do more with less and cut down on having to replicate resources over multiple agencies is also another trend that cloud will help realize.

As far as technology changing and how that will influence the cloud space, I think we’re always going to be in a state of evolution and we’ll have to accept that there will never be a period of stasis in our lifetimes and that there’s always going to be something better and faster and shinier on the horizon.

That puts pressure on us at Dell to always be ready, and it’s why we’re constantly acquiring expertise as well as growing organically. We just launched the first few of 22 proof-of-concept centers for the cloud so our customers can come in, get a briefing, do a whiteboard and test their applications in a cloud environment to see what it’s all going to look like and ensure it’s going to work before they put it into production. This is a way we’re taking some of the fear out of the transition.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Until a few weeks ago, one of the most important things to do was to find a champion for cloud computing who could replace ex-federal CIO Vivek Kundra’s passion. With the new federal CIO now in place, other ongoing financial pressures could become the primary, or only, driver of government IT consolidation, and that is not going to be enough. Steven VanRoekel will need to maintain, if not increase, the passion for guiding the agencies with a grand vision as this is still important at this stage.

Another driver in the government cloud space is that IT staff members will retire. There is a natural attrition rate. And, agencies should look to replace those people with staff who already have experience developing for and managing cloud resources as they will have an understanding of how to adapt their work skills and strategies as cloud computing continues its evolution.

As far as technical factors that might influence things, one to keep an eye on has to do with data security. Currently, to perform a unit of work on an encrypted piece of data, it first needs to be decrypted. There is now research going on – one such project is on homomorphic encryption, another is called predicate encryption – that would allow the ability to do computational work on encrypted data without having to decrypt it first. That might not be ready in the next 3-5 years, but when it is at the point where it is useful and not just an academic exercise, a lot of the questions specifically around cloud security are going to evaporate.

Marco MartinezServices Marketing Manager, Dell Federal Government

We’re going to continue to acquire best-of-breed technology and solutions; we’re going to work closely with partners such as Microsoft, OpenStack and Hadoop to develop better offers. We’re a leading supplier to government agencies already, and I think our very close relationships with our government customers helps us define ways to better serve them, and most importantly - help them to accomplish their mission.

We’re constantly trying to bring new solutions to market in a way that’s going to focus on both the evolutionary and revolutionary adoption of the cloud. However our customers want to get there, we’ll help them get there, and we’ll do it with their mission as our priority.

Steve RileyTechnical Leader, Office of the CTO, Riverbed Technology

Our job is to make the cloud easier and faster for agencies to use. We will work closely with federal customers and with our partners to bring solutions to market that allow organizations to utilize public and private cloud infrastructure with no negative impact to the end user.

And, we will continue to pursue appropriate certification and compliance so agencies know they can rely on our technology to accelerate their move to the cloud.